Appln.No.: 09/874,258 
Amendment dated November 9, 2005 
Reply to Office Action of August 9, 2005 

This listing of claims will replace all prior versions, and listings, of claims in the application: 
Listing of Claims: 

Claim 1 (original): A method for creating a virtual private network (VPN) over a 
telecommunications network, comprising steps of: 

sending a request from a first VPN device to a second VPN device for establishing a 
VPN between the first and second VPN devices, the request including a first signed certificate 
having at least one verified VPN parameter for the first VPN device; and 

receiving a reply at the first VPN device from the second VPN device, the reply including 
a second signed certificate having at least one verified VPN parameter for the second VPN 
device; and 

establishing the VPN between the first and second VPN devices based on each verified 
VPN parameter for each of the first and second VPN devices. 

Claim 2 (original): The method according to claim 1, further comprising a step of sending a 
request from the first VPN device to an on-line database connected to the telecommunications 
network for obtaining a secure domain name address associated with the second VPN device. 

Claim 3 (original): The method according to claim 2, wherein the step of sending the request 
from the first VPN device to the second VPN device sends the request to the secure domain 
name address associated with the second VPN device. 

Claim 4 (previously presented): The method according to claim 1, wherein the step of sending 
the request from the first VPN device to the second VPN device for establishing the VPN further 
includes receiving a request for establishing the VPN from a client device that is associated with 
the first VPN device. 

Claim 5 (original): The method according to claim 4, wherein the request received from the 
client device includes a destination designation for the VPN. 
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Claim 6 (original): The method according to claim 4, wherein the request received from the 
client device includes a source/destination designation for the VPN. 

Claim 7 (original): The method according to claim 6, wherein the source/destination designation 
includes a wild card designation. 

Claim 8 (original): The method according to claim 1, further comprising a step of verifying at the 
first VPN device the second signed certificate having at least one verified VPN parameter for the 
second VPN device. 

Claim 9 (original): The method according to claim 8, wherein the step of verifying the second 
signed certificate includes a step of sending a request from the first VPN device to an on-line 
database for obtaining a public key associated with the second VPN device. 

Claim 10 (original): The method according to claim 9, further comprising a step of verifying at 
the second VPN device the first signed certificate having at least one verified VPN parameter for 
the first VPN device. 

Claim 11 (original): The method according to claim 10, wherein the step of verifying the first 
signed certificate includes a step of sending a request to an on-line database from the second 
VPN device for obtaining a public key associated with the first VPN device. 

Claim 12 (previously presented): The method according to claim 1, further comprising steps of: 
determining at the second VPN device whether a policy rule prevents a VPN connection 

to the first VPN device; and 

sending the reply to the first VPN device from the second VPN device when no policy 

rule prevents a VPN connection to the first VPN device, and not sending the reply to the first 

VPN device when a policy rule prevents a VPN connection to the first VPN device. 
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Claim 13 (original): The method according to claim 1, wherein the telecommunications network 
is the Internet. 

Claim 14 (original): The method according to claim 1, wherein the step of establishing the VPN 
between the first and second VPN devices establishes a standing VPN connection. 

Claim 15 (original): The method according to claim 1, wherein the step of establishing the VPN 
between the first and second VPN devices establishes a VPN of opportunity. 

Claim 16 (original): A method for creating a virtual private network (VPN) over a 
telecommunications network, comprising steps of: 

receiving a request from a first VPN device at a second VPN device for establishing a 
VPN between the first and second VPN devices, the request including a first signed certificate 
having at least one verified VPN parameter for the first VPN device; and 

sending a reply to the first VPN device from the second VPN device, the reply including 
a second signed certificate having at least one verified VPN parameter for the second VPN 
device; and 

establishing the VPN between the first and second VPN devices based on each verified 
VPN parameter for each of the first and second VPN devices. 

Claim 17 (original): The method according to claim 16, further comprising a step of sending a 
request from the second VPN device to an on-line database connected to the telecommunications 
network for obtaining a secure domain name address associated with the second VPN device. 

Claim 18 (original): The method according to claim 16, further comprising a step of verifying at 
the second VPN device the first signed certificate having at least one verified VPN parameter for 
the first VPN device. 
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Claim 19 (original): The method according to claim 18, wherein the step of verifying the first 
signed certificate includes a step of sending a request from the second VPN device to an on-line 
database for obtaining a public key associated with the first VPN device. 

Claim 20 (previously presented): The method according to claim 16, further comprising steps of: 
determining at the second VPN device whether a policy rule prevents a VPN connection 

to the first VPN device; and 

sending the reply to the first VPN device from the second VPN device when no policy 

rule prevents a VPN connection to the first VPN device, and not sending the reply to the first 

VPN device when a policy rule prevents a VPN connection to the first VPN device. 

Claim 21 (original): The method according to claim 16, wherein the telecommunications 
network is the Internet. 

Claim 22 (original): The method according to claim 16, wherein the step of establishing the VPN 
between the first and second VPN devices establishes a standing VPN connection. 

Claim 23 (original): The method according to claim 16, wherein the step of establishing the VPN 
between the first and second VPN devices establishes a VPN of opportunity. 

Claim 24 (previously presented): A method for creating a virtual private network (VPN) over a 
telecommunications network, comprising steps of: 

sending a certificate request for a virtual private network (VPN) device to a certification 
authority connected to the telecommunications network, the certificate request including at least 
one VPN parameter that will be used by the VPN device for establishing a VPN over the 
telecommunications network; 

receiving a signed certification from the certification authority, the signed certification 
containing the at least one VPN parameter contained in the certificate request; 



Page 5 of 22 



Appln.No.: 09/874,258 
Amendment dated November 9, 2005 
Reply to Office Action of August 9, 2005 

configuring the VPN device to operate in accordance with the at least one VPN parameter 
contained in the signed certificate, 

exchanging the signed certificate with another VPN device at a selected 
telecommunications network address; and 

establishing the VPN in accordance with the at least one VPN parameter contained in the 
signed certificate. 

Claim 25 (original): The method according to claim 24, wherein the certificate request includes 
at least one telecommunications network address that the VPN device will use as a client 
network address for a VPN established through the VPN device. 

Claim 26 (original): The method according to claim 25, wherein the certificate request includes a 
range of telecommunications network addresses that the VPN device will use as client network 
addresses for VPNs established through the VPN device. 

Claim 27 (canceled) 

Claim 28 (previously presented): The method according to claim 24, wherein the step of 
establishing the VPN is further based on a source and destination name pair. 

Claim 29 (original): The method according to claim 28, wherein the source and destination name 
pair includes a wild card designation. 

Claim 30 (previously presented): The method according to claim 24, wherein the step of 
establishing the VPN is further based on at least one rule allowing a VPN connection to the 
selected telecommunications network address. 

Claim 31 (previously presented): The method according to claim 24, wherein the step of 
establishing the VPN is further based on a Quality of Service parameter. 
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Claim 32 (previously presented): The method according to claim 24, wherein the step of 
establishing the VPN is further based on a bandwidth limitation parameter. 

Claim 33 (original): The method according to claim 24, wherein the telecommunications 
network is the Internet. 

Claim 34 (original): The method according to claim 24, further comprising steps of: 

receiving a request from a client device connected to the VPN device for establishing a 

VPN connection to a selected telecommunications network address; and 

querying an on-line database connected to the telecommunications network for obtaining 

a secure domain name address for the selected telecommunications network address, 

wherein the step of establishing the VPN connection to the selected telecommunications 

network address is performed when the on-line database contains the secure domain name 

address for the selected telecommunications network address. 

Claim 35 (original): The method according to claim 34, wherein the request for establishing the 
VPN contains a source and destination name pair. 

Claim 36 (original): The method according to claim 24, further comprising a step of sending at 
least one VPN parameter for the VPN device that is not contained in the certificate request to the 
certification authority for verification by the certificate authority. 

Claim 37 (original): The method according to claim 24, further comprising steps of: 

receiving the certificate request for the VPN device from the VPN device at the 
certification authority; 

verifying at the certification authority the at least one VPN parameter contained in the 
certificate request; and 
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sending the signed certification to the VPN device when each VPN parameter contained 
in the certificate request is verified. 

Claim 38 (original): The method according to claim 37, wherein the certificate request includes 
at least one telecommunications network address that the VPN device will use as a client 
network address for a VPN established through the VPN device, 

wherein the step of verifying verifies each telecommunication network address contained 
in the certificate request. 

Claim 39 (original): The method according to claim 37, wherein the certificate request includes a 
range of telecommunications network addresses that the VPN device will use as client network 
addresses for VPNs established through the VPN device, 

wherein the step of verifying verifies the range of telecommunications network addresses 
contained in the certificate request. 

Claim 40 (original): The method according to claim 24, further comprising steps of: 

receiving a request at an on-line database connected to the telecommunications network 

from the VPN device for a secure domain name address for a selected VPN device connected to 

the telecommunications network; and 

sending the secure domain name address for the selected VPN device to the requesting 

VPN device when the secure domain name address for the selected VPN device is contained in 

the online database. 

Claim 41 (original): The method according to claim 24, further comprising steps of: 

receiving at the certification authority at least one VPN parameter for the VPN device 

that is not contained in the certificate request; and 

storing the at least one received VPN parameter that is not contained in the certificate 

request in an on-line database. 
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Claims 42-45 (canceled) 

Claim 46 (currently amended): A virtual private network (VPN) device, comprising: 

a memory containing a certificate that has been signed by a certification authority, the 
signed certificate containing at least one VPN parameter for the VPN device that has been 
verified by the certification authority , and a plurality of pre-authorized name pairs having a local 
name and a remote name for a VPN ; and 

a processor programmed to receive a request for establishing a VPN between the VPN 
device and a second VPN device and to respond to the request by sending the signed certificate 
over a telecommunications network to the second VPN device based on the received request. 

Claim 47 (previously presented): The VPN device according to claim 46, wherein the request is 
received from the second VPN device, wherein the request includes a signed certificate for the 
second VPN device, the signed certificate for the second VPN device containing at least one 
VPN parameter for the second VPN device that has been verified by a second certification 
authority. 

Claim 48 (original): The VPN device according to claim 47, wherein the processor verifies the 
signed certificate for the second VPN device before sending the signed certificate to the second 
VPN device. 

Claim 49 (original): The VPN device according to claim 48, wherein the processor verifies the 
signed certificate for the second VPN device using a public key associated with the second VPN 
device. 

Claim 50 (previously presented): The VPN device according to claim 47, wherein the processor 
establishes a VPN based on each verified VPN parameter for the VPN device and based on each 
verified VPN parameter for the second VPN device. 



Page 9 of 22 



Appln. No.: 09/874,258 
# Amendment dated November 9, 2005 
Reply to Office Action of August 9, 2005 

Claim 51 (original): The VPN device according to claim 46, wherein the request is received from 
a client device associated with the VPN device, 

wherein the processor sends a request to an on-line database connected to the 
telecommunications network for obtaining a secure domain name address associated with the 
second VPN device, and 

wherein the processor sends the signed certificate over the telecommunications network 
to the secure domain name address associated with the second VPN device. 

Claim 52 (original): The VPN device according to claim 51, wherein the request received from 
the client device includes a destination designation for the VPN. 

Claim 53 (original): The VPN device according to claim 51, wherein the request received from 
the client device includes a source/destination designation for the VPN. 

Claim 54 (original): The VPN device according to claim 51, wherein the source/destination 
designation includes a wild card designation. 

Claim 55 (original): The VPN device according to claim 46, wherein the processor determines 
whether a policy rule contained in the memory prevents a VPN connection to the second VPN 
device; and 

wherein the processor sends the certificate to the second VPN device when no policy rule 
contained in the memory prevents a VPN connection to the second VPN device. 

Claim 56 (original): The VPN device according to claim 46, wherein the telecommunications 
network is the Internet. 

Claim 57 (original): The VPN device according to claim 46, wherein the request for establishing 
a VPN is a request for establishing a standing VPN connection. 
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Claim 58 (original): The VPN device according to claim 46, wherein the request for establishing 
a VPN is a request for establishing a VPN of opportunity. 

Claim 59 (original): The VPN device according to claim 46, wherein the VPN device is one of a 
VPN concentrator, a router, a firewall and a host computer. 

Claim 60 (previously presented): A computer-readable medium containing computer executable 
instructions for performing steps of: 

sending a request from a first VPN device to a second VPN device for establishing a 
VPN between the first and second VPN devices, the request including a first signed certificate 
having at least one verified VPN parameter for the first VPN device; and 

receiving a reply at the first VPN device from the second VPN device, the reply including 
a second signed certificate having at least one verified VPN parameter for the second VPN 
device; and 

establishing the VPN between the first and second VPN devices based on each verified 
VPN parameter for each of the first and second VPN devices. 

Claim 61 (original): The computer-readable medium according to claim 60, further comprising a 
step of sending a request from the first VPN device to an on-line database connected to the 
telecommunications network for a secure domain name address associated with the second VPN 
device. 

Claim 62 (original): The computer-readable medium according to claim 61, wherein the step of 
sending the request from the first VPN device to the second VPN device sends the request to the 
secure domain name address associated with the second VPN device. 

Claim 63 (previously presented): The computer-readable medium according to claim 60, wherein 
the step of sending the request from the first VPN device to the second VPN device for 
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establishing the VPN further includes receiving a request for establishing the VPN from a client 
device that is associated with the first VPN device. 

Claim 64 (original): The computer-readable medium according to claim 63 , wherein the request 
received from the client device includes a destination designation for the VPN. 

Claim 65 (original): The computer-readable medium according to claim 63, wherein the request 
received from the client device includes a source/destination designation for the VPN. 

Claim 66 (original): The computer-readable medium according to claim 65, wherein the 
source/and destination designation includes a wild card designation. 

Claim 67 (original): The computer-readable medium according to claim 60, further comprising a 
step of verifying at the first VPN device the second signed certificate having at least one verified 
VPN parameter for the second VPN device. 

Claim 68 (original): The computer-readable medium according to claim 67, wherein the step of 
verifying the second signed certificate includes a step of sending a request from the first VPN 
device to an on-line database for a public key associated with the second VPN device. 

Claim 69 (original): The computer-readable medium according to claim 68, further comprising a 
step of verifying at the second VPN device the first signed certificate having at least one verified 
VPN parameter for the first VPN device. 

Claim 70 (original): The computer-readable medium according to claim 69, wherein the step of 
verifying the first signed certificate includes a step of sending a request to an on-line database 
from the second VPN device for a public key associated with the first VPN device. 
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Claim 71 (previously presented): The computer-readable medium according to claim 60, further 
comprising steps of: 

determining at the second VPN device whether a policy rule prevents a VPN connection 
to the first VPN device; and 

sending the reply to the first VPN device from the second VPN device when no policy 
rule prevents a VPN connection to the first VPN device, and not sending the reply to the first 
VPN device when a policy rule prevents a VPN connection to the first VPN device. 

Claim 72 (original): The computer-readable medium according to claim 60, wherein the 
telecommunications network is the Internet. 

Claim 73 (original): The computer-readable medium according to claim 60, wherein the step of 
establishing the VPN between the first and second VPN devices establishes a standing VPN 
connection. 

Claim 74 (original): The computer-readable medium according to claim 60, wherein the step of 
establishing the VPN between the first and second VPN devices establishes a VPN of 
opportunity. 

Claim 75 (previously presented): A computer-readable medium containing computer-executable 
instructions for performing steps of: 

sending a certificate request for a virtual private network device to a certification 
authority connected to the telecommunications network, the certificate request including at least 
one VPN parameter that will be used by the VPN device for establishing a VPN over the 
telecommunications network; 

receiving a signed certification from the certification authority, the signed certification 
containing the at least one VPN parameter contained in the certificate request; 

configuring the VPN device to operate in accordance with the at least one VPN parameter 
contained in the signed certificate, 
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exchanging the signed certificate with another VPN device at a selected 
telecommunications network address; and 

establishing the VPN in accordance with the at least one VPN parameter contained in the 
signed certificate. 

Claim 76 (original): The computer-readable medium according to claim 75, wherein the 
certificate request includes at least one telecommunications network address that the VPN device 
will use as a client network address for a VPN established through the VPN device. 

Claim 77 (original): The computer-readable medium according to claim 75, wherein the 
certificate request includes a range of telecommunications network addresses that the VPN 
device will use as client network addresses for VPNs established through the VPN device. 

Claim 78 (original): The computer-readable medium according to claim 75, wherein the 
telecommunications network is the Internet. 

Claims 79-82 (canceled) 

Claim 83 (previously presented): The VPN device according to claim 47, wherein the second 
certification authority and the certification authority are the same. 
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